Meta

Reagan’s Executive Order 12333

Despite the pressure that has been generated to reform NSA surveillance of Americans under the FISA Act, there remains a huge program that the NSA operates completely without regard to FISA. It is called Executive Order 12333, it was put in place during the Reagan Administration and it continues unchanged.

The guts of the order provide that there is no protection for American’s communications if the communications are collected by US intelligence agencies outside the United States. There is no right to appeal the collection and no restrictions on how long the collections can be retained. No warrants are required. The order is not a statute and has never been subjected to judicial review for constitutional compliance. And this program does not collect merely metadata; it collects the full content of communications. It is in many respects less constitutional than the NSA’s telephone metadata collection program.

Writing in the Washington Post, John Napier Tye, who served as section chief for Internet freedom in the State Department’s Bureau of Democracy, Human Rights and Labor from January 2011 to April 2014, has called out the dangers of EO 12333.

A legal regime in which U.S. citizens’ data receives different levels of privacy and oversight, depending on whether it is collected inside or outside U.S. borders, may have made sense when most communications by U.S. persons stayed inside the United States. But today, U.S. communications increasingly travel across U.S. borders — or are stored beyond them. For example, the Google and Yahoo e-mail systems rely on networks of “mirror” servers located throughout the world. An e-mail from New York to New Jersey is likely to wind up on servers in Brazil, Japan and Britain. The same is true for most purely domestic communications.

Executive Order 12333 contains nothing to prevent the NSA from collecting and storing all such communications — content as well as metadata — provided that such collection occurs outside the United States in the course of a lawful foreign intelligence investigation. No warrant or court approval is required, and such collection never need be reported to Congress. None of the reforms that Obama announced earlier this year will affect such collection.

Without any legal barriers to such collection, U.S. persons must increasingly rely on the affected companies to implement security measures to keep their communications private. The executive order does not require the NSA to notify or obtain consent of a company before collecting its users’ data.

The attorney general, rather than a court, must approve “minimization procedures” for handling the data of U.S. persons that is collected under 12333, to protect their rights. I do not know the details of those procedures. But the director of national intelligence recently declassified a document (United States Signals Intelligence Directive 18) showing that U.S. agencies may retain such data for five years.

* * *

When I started at the State Department, I took an oath to protect the Constitution of the United States. I don’t believe that there is any valid interpretation of the Fourth Amendment that could permit the government to collect and store a large portion of U.S. citizens’ online communications, without any court or congressional oversight, and without any suspicion of wrongdoing. Such a legal regime risks abuse in the long run, regardless of whether one trusts the individuals in office at a particular moment.

I am coming forward because I think Americans deserve an honest answer to the simple question: What kind of data is the NSA collecting on millions, or hundreds of millions, of Americans?

The President has specifically indicated that he intends to do nothing to disclose or eliminate this abusive program. So it appears that the President believes that the Fourth Amendment rights of US citizens end at the border, and anything that can be captured elsewhere is fair game. Even Dianne Feinstein, Chair of the Senate Intelligence Committee and a staunch NSA defender, has said that Congressional oversight of the program is limited.

Feinstein has consistently defended the NSA’s collection of domestic cellphone metadata, saying the program under which it is doing so is overseen by both the courts and Congress. But even she has said the 12333 programs skirt similar protections.

“The other programs do not (have the same oversight as FISA). And that’s what we need to take a look at,” she said, adding that her committee has not been able to “sufficiently” oversee the programs run under the executive order. “Twelve-triple-three programs are under the executive branch entirely.”

Feinstein has also said the order has few, if any, privacy protections. “I don’t think privacy protections are built into it,” she said. “It’s an executive policy. The executive controls intelligence in the country.”

Right. Also, the NSA clearly has tapped the network connections of all the ISPs. In response, Google, Apple, Yahoo, Microsoft and others are in the process of encrypting the traffic between their data centers.

By the way, there is a new totally encrypted email service that is ramping up. It is called ProtonMail and is free (subject to usage limits and there is a waiting list to get in). https://protonmail.ch/ My address on that system is bfreer@protonmail.ch.